CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2015-0272 – NetworkManager: remote DoS using IPv6 RA with bogus MTU
https://notcve.org/view.php?id=CVE-2015-0272
23 Sep 2015 — GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. NOME NetworkManager permite a atacantes remotos causar una denegación de servicio (interrupción del tráfico IPv6) a través de un valor MTU manipulado en un mensaje Router Advertisement (RA) IPv6, una vulnerabilidad diferente a CVE-2015-8215. It was discovered that NetworkManager would set device... • http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6243 – wireshark: Dissector table crash (wnpa-sec-2015-23)
https://notcve.org/view.php?id=CVE-2015-6243
24 Aug 2015 — The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. Vulnerabilidad en la implementación dissector-table en epan/packet.c en Wireshark 1.12.x en versiones anteriores a 1.12.7, maneja incorrectamente las búsquedas de cadenas vacías ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6244 – wireshark: ZigBee dissector crash (wnpa-sec-2015-24)
https://notcve.org/view.php?id=CVE-2015-6244
24 Aug 2015 — The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_zbee_secure en epan/dissectors/packet-zbee-security.c en el disector ZigBee en Wireshark 1.12.x en versiones anteriores a 1.12.7, confía inadecuadamente en los campos de longitud c... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6245 – wireshark: GSM RLC/MAC dissector infinite loop (wnpa-sec-2015-25)
https://notcve.org/view.php?id=CVE-2015-6245
24 Aug 2015 — epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Vulnerabilidad en epan/dissectors/packet-gsm_rlcmac.c en el disector GSM RLC/MAC en Wireshark 1.12.x en versiones anteriores a 1.12.7, usa tipos de datos de enteros incorrectos, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un pa... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6246 – wireshark: WaveAgent dissector crash (wnpa-sec-2015-26)
https://notcve.org/view.php?id=CVE-2015-6246
24 Aug 2015 — The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_wa_payload en epan/dissectors/packet-waveagent.c en el disector WaveAgent en Wireshark 1.12.x en versiones anteriores a 1.12.7, no maneja adecuadamente los valores de etiqueta grandes, lo que permite a atacantes re... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6248 – wireshark: Ptvcursor crash (wnpa-sec-2015-28)
https://notcve.org/view.php?id=CVE-2015-6248
24 Aug 2015 — The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función ptvcursor_add en la implementación ptvcursor en epan/proto.c en Wireshark 1.12.x en versiones anteriores a 1.12.7, no comprueba si la cantidad de datos esperada está disponible, lo que permite a atacantes rem... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 12%CPEs: 65EXPL: 0CVE-2015-5165 – Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
https://notcve.org/view.php?id=CVE-2015-5165
12 Aug 2015 — The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Vulnerabilidad en la emulación de modo offload C+ en el modelo de tarjeta de red del dispositivo RTL8139 en QEMU, tal y como se utiliza en Xen 4.5.x y versiones anteriores, permite a atacantes remotos leer la memoria dinámica del proceso a través de vectores no especificados. An information leak flaw was found in the wa... • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 6%CPEs: 5EXPL: 0CVE-2015-0253 – httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path
https://notcve.org/view.php?id=CVE-2015-0253
20 Jul 2015 — The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. La función read_request_line en server/protocol.c del Servidor HTTP Apache en su versión 2.4.12 no inicializa el pro... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 2%CPEs: 17EXPL: 0CVE-2015-1819 – libxml2: denial of service processing a crafted XML document
https://notcve.org/view.php?id=CVE-2015-1819
07 Jul 2015 — The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 6%CPEs: 27EXPL: 1CVE-2015-4643 – php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
https://notcve.org/view.php?id=CVE-2015-4643
04 Jul 2015 — Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. Desbordamiento de entero en la función ftp_genlist en ext/ftp/ftp.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anter... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •